Would application automatically authenticate if registered in different tenancies on azure

2619 views azure

I created 2 applications locally on my laptop, registered them on azure b2c ad as 2 separate apps. Also both applications have separate signin and signup policy.

When I successfully log into one app A and refreshed page on app B I see myself as logged in as well.

So logging to app A makes me logged in app B as well AUTOMATICALLY [and I don't understand how but this is what's happening...]

My question is that, is this behaviour going to persist if applications are registered in different tenancies, if not which I suspect, then is there any way to make this work?

Unfortunately I don't have enough access to multiple tenants to test this.

Access to tenants for testing your scenario shouldn't be a problem - Microsoft has plenty of opportunities to set up free trials that you could use to test this.

1 Answer

Applications on Azure B2C are used for registering applications that can integrate with your directory. Once you have successfully authenticated then it doesn't matter what application you have logged in using.

If you want to control access then you need to use the API Access/Scopes functionality. (Applications > Published Scopes)

You can achieve your scenario by doing the following:

  1. Go to App1 and choose published scopes. Create a new scope called "App1" (or whatever you want).
  2. Go to App2 and choose API access. Add a new API access and choose the scope you have just added. Note it is important not to edit existing scopes as it can affect B2C services.
  3. The scope will now be included within the user's token when you authenticate, which can be validated when you are checking the user's token. For example:

    using System;
    using System.Linq;
    using System.Security.Claims;

    public const string ScopeElement = "http://schemas.microsoft.com/identity/claims/scope";

    // "permission" must match one whole entry of the space-separated scope claim;
    // a plain Contains() on the raw value would let "App1" satisfy a check for "App10".
    protected bool CheckHasRequiredScopes(string permission)
    {
        var scopeClaim = ClaimsPrincipal.Current?.FindFirst(ScopeElement);
        return scopeClaim != null
            && scopeClaim.Value.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries).Contains(permission);
    }


"permission" is the name of the scope you want to check.

Further info is available here MSDN Link
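The three steps above, carried through end to end as an added example (this is not the answerer's code and not part of any Microsoft library). It assumes the access token App2 presents to App1 is a JWT whose granted scopes arrive as a space-separated `scp` claim (the claim that .NET surfaces under the long `schemas.microsoft.com/identity/claims/scope` name), and it uses an HS256 signature with a constructed shared key as a stand-in for the RS256 signature and tenant signing keys B2C actually uses; the application id is a placeholder. The point it adds to the answer is the order of checks (signature, expiry, audience, then scope) and why the scope comparison must be a whole-entry match rather than a substring test.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Claim name inside the JWT; .NET maps it to the long schemas.microsoft.com URI.
SCOPE_CLAIM = "scp"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(claims: dict, secret: bytes) -> str:
    """Build an HS256-signed compact JWT for the constructed sample.
    HS256 with a shared key stands in for the RS256 tokens B2C issues."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def validate_token(token: str, secret: bytes, audience: str,
                   now: Optional[int] = None) -> dict:
    """Verify signature, expiry and audience before trusting any claim.
    Returns the claims, or raises ValueError describing the failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token is not a compact JWT")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: the token must not be allowed to choose how it is verified.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    now = int(time.time()) if now is None else now
    if int(claims.get("exp", 0)) <= now:
        raise ValueError("token expired")
    # A token minted for another application must not be accepted here.
    if claims.get("aud") != audience:
        raise ValueError("token issued for a different application")
    return claims


def has_required_scope(claims: dict, permission: str) -> bool:
    """Whole-entry match against the space-separated scp claim.
    A substring test would let a token carrying "App10" pass a check for "App1"."""
    return permission in claims.get(SCOPE_CLAIM, "").split()


# Constructed sample data: a placeholder application id and a demo-only key.
SECRET = b"constructed-demo-key-not-a-real-b2c-signing-key"
APP1_CLIENT_ID = "00000000-0000-0000-0000-000000000001"


def demo(now: int = 1_700_000_000) -> dict:
    """App2 calls App1 with a token granting the scopes "App10" and "read"."""
    token = make_token(
        {"aud": APP1_CLIENT_ID, "exp": now + 3600, SCOPE_CLAIM: "App10 read"},
        SECRET,
    )
    claims = validate_token(token, SECRET, APP1_CLIENT_ID, now=now)
    return {
        "has_App10": has_required_scope(claims, "App10"),
        "has_App1": has_required_scope(claims, "App1"),        # False: whole-entry match
        "substring_App1": "App1" in claims[SCOPE_CLAIM],        # True: the pitfall
    }


if __name__ == "__main__":
    print(demo())
```

`validate_token` rejects the token before any scope is consulted when the signature, expiry or audience is wrong, which is the property step 2 relies on: App2's token only unlocks App1 because App1 checks that the token was issued for App1 and carries App1's published scope.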
